Do Not Complicate Routing Security with Voodoo Economics
ms7 at CS.Princeton.EDU
Mon Sep 5 14:25:50 UTC 2011
On Sep 5, 2011, at 11:55 AM, Dobbins, Roland wrote:
> The idea of origin validation is a simple one. The idea of path validation isn't to determine the 'correctness' or 'desirability' of a
> particular AS-path, but rather to determine the *validity* (or at least the *feasability*) of a given AS-path.
Sorry, I was misunderstood. To clarify, I was referring only to our work (http://www.cs.utoronto.ca/~phillipa/sbgpTrans.html), where security does play a small role in the route selection process (after LocalPref and AS-PATH length), and not to the BGPsec spec. The reason why we assume that security affects the route selection process is because otherwise, even an AS that deploys S*BGP, remains vulnerable to attacks. To see why, take a look at slides 10-13 of our NANOG presentation (http://www.cs.bu.edu/~goldbe/papers/Goldberg-TransitionToSBGP-NANOG.pdf, video available at http://www.cs.utoronto.ca/~phillipa/sbgpTrans.html). The basic idea is: if an AS prefers short paths over secure paths they'll be just as vulnerable to path-shortening attacks with and without S*BGP.
More information about the NANOG